
Unpatchable iOS Exploit Could Leave Seven Generations of iPhones Vulnerable

In another security blow for Apple, a researcher has handed an "unpatchable public bootrom exploit" to the jailbreak community.


An iOS security researcher has released what he claims to be an unpatchable ‘public bootrom’ exploit that affects hundreds of millions of iOS devices. Named checkm8, it allegedly works on iPhones from the 4S to the X, letting attackers decrypt keybags with the AES engine, dump the SecureROM, and demote the device to enable JTAG.

Developer axi0mX discovered the flaw and released it to aid the jailbreak community. Thankfully, the attack cannot be triggered remotely, but it could be used as a tool to gain a degree of control over a phone that doesn't belong to the attacker.

As axi0mX mentions, though, the exploit may be of most interest to the jailbreaking community. Jailbreaking refers to the practice of using a chain of exploits to let a user modify a device beyond what was intended. Until today, the last phone with a public bootrom exploit available was the iPhone 4.

ipwndfu Tool

Currently, however, the ‘ipwndfu’ tool released by the dev isn't focused on a full jailbreak. It doesn't yet integrate the unofficial app store Cydia and is primarily focused on aiding the security community. The GitHub-hosted tool currently has the following features:

  • “Jailbreak and downgrade iPhone 3GS (new bootrom) with alloc8 untethered bootrom exploit. 🙂
  • Pwned DFU Mode with steaks4uce exploit for S5L8720 devices.
  • Pwned DFU Mode with limera1n exploit for S5L8920/S5L8922 devices.
  • Pwned DFU Mode with SHAtter exploit for S5L8930 devices.
  • Dump SecureROM on S5L8920/S5L8922/S5L8930 devices.
  • Dump NOR on S5L8920 devices.
  • Flash NOR on S5L8920 devices.
  • Encrypt or decrypt hex data on a connected device in pwned DFU Mode using its GID or UID key.”

Apple is yet to respond to requests for comment on this developing story. iOS was recently hit by the same Exodus spyware as . In late August, Google Project Zero revealed that iOS devices have been vulnerable to a string of zero-day exploits for two years.

Ryan Maskell